<?php  
class ControllerUser extends Controller { 
	var $error = array();
   
  	function index() {
		$response =& $this->locator->get('response');
		$language =& $this->locator->get('language');
		$template =& $this->locator->get('template'); 
		$module   =& $this->locator->get('module');
	
    	$language->load('controller/user.php');

    	$template->set('title', $language->get('heading_title'));

    	$template->set('content', $this->getList());
	
		$template->set($module->fetch());
	
    	$response->set($template->fetch('layout.tpl'));
  	}
  
  	function insert() {
		$request  =& $this->locator->get('request');
		$response =& $this->locator->get('response');
		$database =& $this->locator->get('database');
		$url      =& $this->locator->get('url');
		$language =& $this->locator->get('language');
		$template =& $this->locator->get('template');
		$session  =& $this->locator->get('session');
		$module   =& $this->locator->get('module');

    	$language->load('controller/user.php');

    	$template->set('title', $language->get('heading_title'));
		
    	if ($request->isPost() && $request->has('username', 'post') && $this->validateForm()) {
	  		$sql = "insert into user set username = '?', password = '?', firstname = '?', lastname = '?', email = '?', user_group_id = '?', date_added = now()";
      		$database->query($database->parse($sql, $request->gethtml('username', 'post'), md5($request->gethtml('password', 'post')), $request->gethtml('firstname', 'post'), $request->gethtml('lastname', 'post'), $request->gethtml('email', 'post'), $request->gethtml('user_group_id', 'post')));

			$session->set('message', $language->get('text_message'));
			
	  		$response->redirect($url->ssl('user'));
    	}
    
    	$template->set('content', $this->getForm());
	
		$template->set($module->fetch());
	
    	$response->set($template->fetch('layout.tpl'));
  	}

  	function update() {
		$request  =& $this->locator->get('request');
		$response =& $this->locator->get('response');
		$database =& $this->locator->get('database');
		$url      =& $this->locator->get('url');
		$language =& $this->locator->get('language');
		$template =& $this->locator->get('template');
		$session  =& $this->locator->get('session');
		$module   =& $this->locator->get('module');

    	$language->load('controller/user.php');

    	$template->set('title', $language->get('heading_title'));
	
    	if ($request->isPost() && $request->has('username', 'post') && $this->validateForm()) {
	  		$sql = "update user set username = '?', firstname = '?', lastname = '?', email = '?', user_group_id = '?', date_added = now() where user_id = '?'";
      		$database->query($database->parse($sql, $request->gethtml('username', 'post'), $request->gethtml('firstname', 'post'), $request->gethtml('lastname', 'post'), $request->gethtml('email', 'post'), $request->gethtml('user_group_id', 'post'), $request->gethtml('user_id')));

      		if ($request->gethtml('password', 'post')) { 
	    		$sql = "update user set password = '?' where user_id = '?'";
        		$database->query($database->parse($sql, md5($request->gethtml('password', 'post')), $request->gethtml('user_id')));
      		}
			
			$session->set('message', $language->get('text_message'));
			
	  		$response->redirect($url->ssl('user'));
    	}
    
    	$template->set('content', $this->getForm());
	
		$template->set($module->fetch());
	
    	$response->set($template->fetch('layout.tpl'));
  	}
 
  	function delete() { 
		$request  =& $this->locator->get('request');
		$response =& $this->locator->get('response');
		$database =& $this->locator->get('database');
		$url      =& $this->locator->get('url');
		$language =& $this->locator->get('language');
		$template =& $this->locator->get('template');
		$session  =& $this->locator->get('session');
		$module   =& $this->locator->get('module');

    	$language->load('controller/user.php');

    	$template->set('title', $language->get('heading_title'));
	
    	if (($request->gethtml('user_id')) && ($this->validateDelete())) {
      		$database->query("delete from user where user_id = '" . (int)$request->gethtml('user_id') . "'");

			$session->set('message', $language->get('text_message'));
			
	  		$response->redirect($url->ssl('user'));
    	}
    
    	$template->set('content', $this->getList());
	
		$template->set($module->fetch());
	
    	$response->set($template->fetch('layout.tpl'));
  	}

  	function getList() {
		$request  =& $this->locator->get('request');
		$database =& $this->locator->get('database');
		$config   =& $this->locator->get('config');
		$url      =& $this->locator->get('url');
		$language =& $this->locator->get('language');
		$session  =& $this->locator->get('session');
		$template =& $this->locator->get('template');
	
    	$cols = array();

    	$cols[] = array(
      		'name'  => $language->get('column_username'),
      		'sort'  => 'username',
      		'align' => 'left'
    	);

    	$cols[] = array(
      		'name'  => $language->get('column_date_added'),
      		'sort'  => 'date_added',
      		'align' => 'left'
    	);

    	$cols[] = array(
      		'name'  => $language->get('column_action'),
      		'align' => 'right'
    	);
		
    	if (!$session->get('user.search')) {
      		$sql = "select user_id, username, date_added from user";
    	} else {
      		$sql = "select user_id, username, date_added from user where username like '?'";
    	}
    
		$sort = array(
	  		'username', 
	  		'date_added'
		);
	
    	if (in_array($session->get('user.sort'), $sort)) {
      		$sql .= " order by " . $session->get('user.sort') . " " . (($session->get('user.order') == 'desc') ? 'desc' : 'asc');
    	} else {
      		$sql .= " order by username asc";
    	}
    
    	$results = $database->getRows($database->splitQuery($database->parse($sql, '%' . $session->get('user.search') . '%'), $session->get('user.page'), $config->get('config_max_rows')));

    	$rows = array();

    	foreach ($results as $result) {
      		$cell = array();
 
      		$cell[] = array(
        		'value' => $result['username'],
        		'align' => 'left'
      		);

      		$cell[] = array(
        		'value' => $language->formatDate($language->get('date_format_short'), strtotime($result['date_added'])),
        		'align' => 'left'
      		);
			
			$action = array();
      		
			$action[] = array(
        		'icon' => 'update.png',
				'text' => $language->get('button_update'),
				'href' => $url->ssl('user', 'update', array('user_id' => $result['user_id']))
      		);
						
			$action[] = array(
        		'icon' => 'delete.png',
				'text' => $language->get('button_delete'),
				'href' => $url->ssl('user', 'delete', array('user_id' => $result['user_id']))
      		);

      		$cell[] = array(
        		'action' => $action,
        		'align'  => 'right'
      		);
			
      		$rows[] = array('cell' => $cell);
    	}

    	$view = $this->locator->create('template');

		$view->set('tpl', $template);

    	$view->set('heading_title', $language->get('heading_title'));
    	$view->set('heading_description', $language->get('heading_description'));

    	$view->set('text_results', $language->get('text_results', $database->getFrom(), $database->getTo(), $database->getTotal()));

    	$view->set('entry_page', $language->get('entry_page'));
    	$view->set('entry_search', $language->get('entry_search'));

    	
    	$view->set('button_insert', $language->get('button_insert'));
    	$view->set('button_update', $language->get('button_update'));
    	$view->set('button_delete', $language->get('button_delete'));

    	$view->set('error', @$this->error['message']);
 
		$view->set('message', $session->get('message'));
		
		$session->delete('message');
		  
    	$view->set('action', $url->ssl('user', 'page'));
  
    	$view->set('search', $session->get('user.search'));
    	$view->set('sort', $session->get('user.sort'));
    	$view->set('order', $session->get('user.order'));
    	$view->set('page', $session->get('user.page'));
  
    	$view->set('cols', $cols);
    	$view->set('rows', $rows);
   
    	$view->set('list', $url->ssl('user'));
  
    	$view->set('insert', $url->ssl('user', 'insert'));
    
    	$page_data = array();

    	for ($i = 1; $i <= $database->getPages(); $i++) {
      		$page_data[] = array(
        		'text'  => $language->get('text_pages', $i, $database->getPages()),
        		'value' => $i
      		);
    	}

    	$view->set('pages', $page_data);

		return $view->fetch('content/list.tpl');
  	}

  	function getForm() {
		$request  =& $this->locator->get('request');
		$database =& $this->locator->get('database');
		$url      =& $this->locator->get('url');
		$language =& $this->locator->get('language');
		$template =& $this->locator->get('template');

    	$view = $this->locator->create('template');

		$view->set('tpl', $template);

    	$view->set('heading_title', $language->get('heading_title'));
    	$view->set('heading_description', $language->get('heading_description'));

    	$view->set('entry_username', $language->get('entry_username'));
    	$view->set('entry_password', $language->get('entry_password'));
    	$view->set('entry_confirm', $language->get('entry_confirm'));
    	$view->set('entry_firstname', $language->get('entry_firstname'));
    	$view->set('entry_lastname', $language->get('entry_lastname'));
    	$view->set('entry_email', $language->get('entry_email'));
    	$view->set('entry_user_group', $language->get('entry_user_group'));

    	$view->set('button_save', $language->get('button_save'));
    	$view->set('button_cancel', $language->get('button_cancel'));

    	$view->set('tab_general', $language->get('tab_general'));
    
		$view->set('error', @$this->error['message']);
    	$view->set('error_username', @$this->error['username']);
    	$view->set('error_password', @$this->error['password']);
    	$view->set('error_confirm', @$this->error['confirm']);
    	$view->set('error_firstname', @$this->error['firstname']);
    	$view->set('error_lastname', @$this->error['lastname']);
	
    	$view->set('action', $url->ssl('user', $request->gethtml('action'), array('user_id' => $request->gethtml('user_id'))));
      	   
    	$view->set('cancel', $url->ssl('user'));

    	if (($request->gethtml('user_id')) && (!$request->isPost())) {
      		$user_info = $database->getRow("select distinct * from user where user_id = '" . (int)$request->gethtml('user_id') . "'");
    	}

    	if ($request->has('username', 'post')) {
      		$view->set('username', $request->gethtml('username', 'post'));
    	} else {
      		$view->set('username', @$user_info['username']);
    	}
  
    	$view->set('password', $request->gethtml('password', 'post'));

    	$view->set('confirm', $request->gethtml('confirm', 'post'));
  
    	if ($request->has('firstname', 'post')) {
      		$view->set('firstname', $request->gethtml('firstname', 'post'));
    	} else {
      		$view->set('firstname', @$user_info['firstname']);
    	}

    	if ($request->has('lastname', 'post')) {
      		$view->set('lastname', $request->gethtml('lastname', 'post'));
    	} else {
      		$view->set('lastname', @$user_info['lastname']);
   		}
  
    	if ($request->has('email', 'post')) {
      		$view->set('email', $request->gethtml('email', 'post'));
    	} else {
      		$view->set('email', @$user_info['email']);
    	}

    	if ($request->has('user_group_id', 'post')) {
      		$view->set('user_group_id', $request->gethtml('user_group_id', 'post'));
    	} else {
      		$view->set('user_group_id', @$user_info['user_group_id']);
    	}

    	$view->set('user_groups', $database->getRows("select user_group_id, name from user_group"));
 
 		return $view->fetch('content/user.tpl');	
  	}

  	function validateForm() {
		$request  =& $this->locator->get('request');
		$user     =& $this->locator->get('user');
		$language =& $this->locator->get('language');
        $validate =& $this->locator->get('validate');
	
    	if (!$user->hasPermission('modify', 'user')) {
      		$this->error['message'] = $language->get('error_permission');
    	}
        
        if (!$validate->strlen($request->gethtml('username', 'post'),1,20)) {
      		$this->error['username'] = $language->get('error_username');
    	}

    	if (!$validate->strlen($request->gethtml('firstname', 'post'),1,32)) {
      		$this->error['firstname'] = $language->get('error_firstname');
    	}

        if (!$validate->strlen($request->gethtml('lastname', 'post'),1,32)) {
      		$this->error['lastname'] = $language->get('error_lastname');
    	}

    	if (($request->gethtml('password', 'post')) || ($request->gethtml('action') == 'insert')) {
      		if (!$validate->strlen($request->gethtml('password', 'post'),1,20)) {
        		$this->error['password'] = $language->get('error_password');
      		}
	
	  		if ($request->gethtml('password', 'post') != $request->gethtml('confirm', 'post')) {
	    		$this->error['confirm'] = $language->get('error_confirm');
	  		}
    	}
	
    	if (!$this->error) {
      		return TRUE;
    	} else {
      		return FALSE;
    	}
  	}

  	function validateDelete() { 	
		$user     =& $this->locator->get('user');
		$language =& $this->locator->get('language');
		$request  =& $this->locator->get('request');

		//User is unable to delete them self
    	if ($user->getId() == $request->gethtml('user_id')) {
      		$this->error['message'] = $language->get('error_permission');
    	}

		//User is unable to delete the super admin
    	if ($user->isSuperAdmin($request->gethtml('user_id'))) {
      		$this->error['message'] = $language->get('error_permission');
    	}
	   
    	if (!$user->hasPermission('modify', 'user')) {
      		$this->error['message'] = $language->get('error_permission');
    	}
	  	  	
		if (!$this->error) {
	  		return TRUE;
		} else { 
	  		return FALSE;
		}
  	}
     
	function page() {
		$request  =& $this->locator->get('request');
		$response =& $this->locator->get('response');
		$url      =& $this->locator->get('url');
		$session  =& $this->locator->get('session');

		if ($request->has('search', 'post')) {
			$session->set('user.search', $request->gethtml('search', 'post'));
		}

		if (($request->has('page', 'post')) || ($request->has('search', 'post'))) {
			$session->set('user.page', $request->gethtml('page', 'post'));
		}

		if ($request->has('sort', 'post')) {
			$session->set('user.order', (($session->get('user.sort') == $request->gethtml('sort', 'post')) && ($session->get('user.order') == 'asc')) ? 'desc' : 'asc');
		}

		if ($request->has('sort', 'post')) {
			$session->set('user.sort', $request->gethtml('sort', 'post'));
		}

		$response->redirect($url->ssl('user'));
	}  
}
?>
